bugzilla-daemon at mindrot.org
2022-Jan-04 16:39 UTC
[Bug 3377] New: improve GlobalKnownHostsFile and UserKnownHostsFile (wildcards + multiple specifications)
https://bugzilla.mindrot.org/show_bug.cgi?id=3377
Bug ID: 3377
Summary: improve GlobalKnownHostsFile and UserKnownHostsFile
(wildcards + multiple specifications)
Product: Portable OpenSSH
Version: 8.8p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.org
Hey.
The following features would be quite nice IMO:
1) Allowing one to specify directories, or better wildcards, for
GlobalKnownHostsFile and UserKnownHostsFile.
The idea would especially be to have something like:
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts,
/etc/ssh/ssh_known_hosts2, /etc/ssh/ssh_known_hosts.d/*.known_hosts as
default.
Distros could then ship those directories and packages could place their
known hosts into them.
E.g. one could then have distro-supplied packages with the public
keys of well-known services like GitHub/GitLab/etc.
That would be a good alternative for people who don't like/trust
the mechanisms of distributing the keys via DNS or the like.
2) Less important, but possibly still nice, would be if one could
specify GlobalKnownHostsFile and UserKnownHostsFile multiple times,
with the effect being cumulative.
Perhaps one could also make a special syntax that allows
adding/removing from the list, like:
GlobalKnownHostsFile = foo
or
GlobalKnownHostsFile foo
=> resets the list to just foo
GlobalKnownHostsFile + bar
=> adds bar
GlobalKnownHostsFile - baz
=> removes baz
Thanks,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
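The following is an added example, not code from the bug report or from OpenSSH: a small Python prototype of the wildcard-expansion semantics proposed in (1), applied to a lookup over the expanded files. It assumes (these are the example's own assumptions, not anything the report or OpenSSH specify) that the directive value is whitespace-separated, that each token may carry shell-style glob characters expanded in sorted order, and that files are consulted in the resulting order. It also flags a glob that matches no file at all, since a mistyped path component would otherwise load nothing without any visible error. The file layout and key blobs are constructed placeholders, not real host keys. Hashed known_hosts entries (`|1|...`) are deliberately not matched.

```python
"""Prototype: glob-expanded known_hosts file list plus host lookup.

Added example; not OpenSSH code. Assumed semantics (not from the report):
whitespace-separated tokens, shell globs expanded per token in sorted
order, files consulted in that order, unreadable files skipped.
"""
import fnmatch
import glob
import os
import tempfile


def expand_hostfiles(directive_value):
    """Expand a GlobalKnownHostsFile-style value into an ordered path list.

    Plain tokens are kept even when the file is missing (mirrors OpenSSH
    skipping unreadable known_hosts files). A glob that matches nothing is
    returned separately so a typo in a path component is not silent.
    """
    files, empty_globs = [], []
    for token in directive_value.split():
        if glob.has_magic(token):
            matches = sorted(glob.glob(token))
            if not matches:
                empty_globs.append(token)
            files.extend(matches)
        else:
            files.append(token)
    return files, empty_globs


def host_matches(patterns, host):
    """known_hosts host field: comma-separated patterns, '*' and '?'
    wildcards, a leading '!' negates the whole line if it matches.
    Hashed entries ('|1|salt|hash') are not handled by this prototype.
    fnmatch also accepts '[seq]', which OpenSSH patterns do not."""
    if patterns.startswith("|"):
        return False
    matched = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched


def lookup(host, directive_value):
    """Return ([(path, keytype, key), ...], [globs matching nothing])."""
    files, empty_globs = expand_hostfiles(directive_value)
    host = host.lower()
    found = []
    for path in files:
        try:
            with open(path, encoding="utf-8") as fh:
                lines = fh.readlines()
        except OSError:
            continue  # missing or unreadable file: skipped
        for line in lines:
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            if fields[0].startswith("@"):  # @cert-authority / @revoked marker
                fields = fields[1:]
            if len(fields) >= 3 and host_matches(fields[0], host):
                found.append((path, fields[1], fields[2]))
    return found, empty_globs


def build_sample_tree(root):
    """Constructed layout following the proposed default; keys are fake."""
    os.makedirs(os.path.join(root, "ssh_known_hosts.d"), exist_ok=True)
    files = {
        "ssh_known_hosts": "# site-wide\ngithub.com ssh-ed25519 AAAA-site-github\n",
        "ssh_known_hosts.d/git-hosting.known_hosts":
            "github.com,gist.github.com ssh-ed25519 AAAA-pkg-github\n"
            "*.gitlab.example,!evil.gitlab.example ssh-rsa AAAA-pkg-gitlab\n",
        "ssh_known_hosts.d/README": "github.com ssh-ed25519 AAAA-not-loaded\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


def demo():
    """Build the tree in a temp dir and run three lookups; returns a dict."""
    root = build_sample_tree(tempfile.mkdtemp())
    directive = " ".join([
        os.path.join(root, "ssh_known_hosts"),
        os.path.join(root, "ssh_known_hosts2"),  # absent: silently skipped
        os.path.join(root, "ssh_known_hosts.d", "*.known_hosts"),
        os.path.join(root, "ssh_known_host.d", "*.known_hosts"),  # typo'd dir
    ])
    return {
        "root": root,
        "github": lookup("github.com", directive),
        "gitlab": lookup("ci.gitlab.example", directive),
        "negated": lookup("evil.gitlab.example", directive),
    }


if __name__ == "__main__":
    for name, (hits, empty) in demo().items():
        if name != "root":
            print(name, [k for _, _, k in hits], "unmatched globs:", empty)
```

Only `*.known_hosts` files under the directory are consulted, so the stray `README` is ignored, and the negated `!evil.gitlab.example` pattern excludes that host even though `*.gitlab.example` would otherwise match.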
bugzilla-daemon at mindrot.org
2024-Dec-04 14:20 UTC
[Bug 3377] improve GlobalKnownHostsFile and UserKnownHostsFile (wildcards + multiple specifications)
https://bugzilla.mindrot.org/show_bug.cgi?id=3377
Damien Miller <djm at mindrot.org> changed:
What    Removed    Added
----------------------------------------------------------------------------
CC                 djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Re 1)
We don't like implicitly reading whole directories because it's easy to
surprise oneself through misconfigurations like forgetting a path
component.
OTOH adding wildcards for the hostfiles is possible, though a fair bit
of work because of the multiple contexts in which they are loaded.
Re 2)
We don't want to make any configuration directives additive.
bugzilla-daemon at mindrot.org
2024-Dec-04 15:02 UTC
[Bug 3377] improve GlobalKnownHostsFile and UserKnownHostsFile (wildcards + multiple specifications)
https://bugzilla.mindrot.org/show_bug.cgi?id=3377
--- Comment #2 from Christoph Anton Mitterer <calestyo at scientia.org> ---
(1) Yes, wildcards rather than whole directories would be better (and
suffice).
(2) With (1), (2) shouldn't be necessary. I just mentioned it because
there are already some additive directives, AFAIU (like ListenAddress or
IdentityFile). But not needed from my side.